diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index c6dc41f299..0c6213e9e7 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -58,7 +58,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20' + node-version: 24 cache: 'npm' - name: Install dependencies diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 2fd737de86..376730e386 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -20,6 +20,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] + node-version: [20, 24] permissions: contents: read security-events: write # needed to upload ESLint results @@ -36,7 +37,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: ${{ matrix.node-version }} cache: 'npm' - name: Set up Python @@ -73,7 +74,7 @@ jobs: - name: Upload sarif uses: github/codeql-action/upload-sarif@v3 - if: matrix.os == 'ubuntu-latest' + if: matrix.os == 'ubuntu-latest' && matrix.node-version == 24 with: sarif_file: eslint.sarif category: eslint diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index aabcc144b0..fa89d2d935 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -34,7 +34,7 @@ jobs: - name: Install Node.js uses: actions/setup-node@v5 with: - node-version: 20.x + node-version: 24 cache: npm - name: Install dependencies diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index e64135d841..6705d7d14b 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -43,7 +43,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: 24 cache: 'npm' - name: Install dependencies diff --git a/CHANGELOG.md b/CHANGELOG.md index 41d89f885d..b28a41390c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## 3.30.7 - 06 Oct 2025 + +No user facing changes. + ## 3.30.6 - 02 Oct 2025 - Update default CodeQL bundle version to 2.23.2. [#3168](https://github.com/github/codeql-action/pull/3168) @@ -236,17 +240,13 @@ No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520) - - If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. - - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts. - Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then. - This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519) @@ -369,12 +369,9 @@ No user facing changes. ## 3.25.0 - 15 Apr 2024 - The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224) - As a result, the following inputs and environment variables are now ignored: - - The `setup-python-dependencies` input to the `init` Action - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable - We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0. - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229) - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 493ae847cf..13614cb011 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,7 +13,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c ## Development and Testing -Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. +Before you start, ensure that you have a recent version of node (24 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. ### Common tasks diff --git a/README.md b/README.md index c5b8eab811..d4e5320b3b 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,8 @@ For compiled languages: The following versions of the CodeQL Action are currently supported: -- v3 (latest) +- v4 (latest) +- v3 ## Supported versions of the CodeQL Bundle on GitHub Enterprise Server diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index e5ccfa9f98..a9b163bc16 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c60a3692a9..c2788900b3 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { @@ -94123,6 +94123,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index b65cb80434..4cde47d65b 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { @@ -79872,6 +79872,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index ff5a35731f..e138420a3e 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { @@ -131599,6 +131599,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/init-action.js b/lib/init-action.js index 8e246aebb0..2f509ad0ee 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { @@ -90274,6 +90274,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 8ace1ec0bc..67cb394e74 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { @@ -79499,6 +79499,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index e0ff1691ae..a52eadfc51 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 91a4880ef2..f262402cf9 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -44974,7 +44974,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { @@ -95649,6 +95649,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/upload-lib.js b/lib/upload-lib.js index fb3980402d..a6342ff212 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33584,7 +33584,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index e9b083b3c3..233b73d473 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 9efd8515be..7ad72583b5 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { @@ -89910,6 +89910,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/package-lock.json b/package-lock.json index 46ec821b83..e4854d5dd5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "3.30.6", + "version": "4.30.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "3.30.6", + "version": "4.30.7", "license": "MIT", "dependencies": { "@actions/artifact": "^2.3.1", diff --git a/package.json b/package.json index 31389bb802..32b427bb41 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.30.6", + "version": "3.30.7", "private": true, "description": "CodeQL action", "scripts": { diff --git a/src/autobuild.ts b/src/autobuild.ts index 1812e35017..ce3d45cc4e 100644 --- a/src/autobuild.ts +++ b/src/autobuild.ts @@ -52,11 +52,11 @@ export async function determineAutobuildLanguages( * For example, consider a user with the following workflow file: * * ```yml - * - uses: github/codeql-action/init@v3 + * - uses: github/codeql-action/init@v4 * with: * languages: go, java - * - uses: github/codeql-action/autobuild@v3 - * - uses: github/codeql-action/analyze@v3 + * - uses: github/codeql-action/autobuild@v4 + * - uses: github/codeql-action/analyze@v4 * ``` * * - With Go extraction disabled, we will run the Java autobuilder in the diff --git a/src/init-action-post-helper.test.ts b/src/init-action-post-helper.test.ts index 72a828a33f..1c1cbcb684 100644 --- a/src/init-action-post-helper.test.ts +++ b/src/init-action-post-helper.test.ts @@ -84,14 +84,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off" }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -108,14 +108,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -135,14 +135,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -192,14 +192,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) { }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", upload: uploadInput, @@ -227,14 +227,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "/language:${{ matrix.language }}", }, @@ -254,14 +254,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { upload: "${{ matrix.language != 'csharp' }}", }, diff --git a/src/status-report.ts b/src/status-report.ts index b0e39aa54b..9bfd14677d 100644 --- a/src/status-report.ts +++ b/src/status-report.ts @@ -375,6 +375,12 @@ export async function createStatusReportBase( logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.`, ); + + // Re-throw the exception in test mode. While testing, we want to know if something goes wrong here. + if (isInTestMode()) { + throw e; + } + return undefined; } } diff --git a/src/workflow.test.ts b/src/workflow.test.ts index 9af81459ef..e922d8079c 100644 --- a/src/workflow.test.ts +++ b/src/workflow.test.ts @@ -395,9 +395,9 @@ async function testLanguageAliases( }, }, steps: [ - { uses: "actions/checkout@v3" }, - { uses: "github/codeql-action/init@v3" }, - { uses: "github/codeql-action/analyze@v3" }, + { uses: "actions/checkout@v4" }, + { uses: "github/codeql-action/init@v4" }, + { uses: "github/codeql-action/analyze@v4" }, ], }, }, @@ -666,7 +666,7 @@ test("getWorkflowErrors() should report a warning if different versions of the C analyze: steps: - uses: github/codeql-action/init@v2 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -686,8 +686,8 @@ test("getWorkflowErrors() should not report a warning if the same versions of th jobs: analyze: steps: - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -706,7 +706,7 @@ test("getWorkflowErrors() should not report a warning involving versions of othe analyze: steps: - uses: actions/checkout@v5 - - uses: github/codeql-action/init@v3 + - uses: github/codeql-action/init@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -723,9 +723,9 @@ test("getCategoryInputOrThrow returns category for simple workflow with category analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category `) as Workflow, @@ -745,9 +745,9 @@ test("getCategoryInputOrThrow returns undefined for simple workflow without cate analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, "analysis", {}, @@ -765,19 +765,19 @@ test("getCategoryInputOrThrow returns category for workflow with multiple jobs", foo: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build foo - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: foo-category bar: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build bar - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: bar-category `) as Workflow, @@ -800,11 +800,11 @@ test("getCategoryInputOrThrow finds category for workflow with language matrix", matrix: language: [javascript, python] steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 with: language: \${{ matrix.language }} - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: "/language:\${{ matrix.language }}" `) as Workflow, @@ -824,9 +824,9 @@ test("getCategoryInputOrThrow throws error for workflow with dynamic category", jobs: analysis: steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: "\${{ github.workflow }}" `) as Workflow, @@ -851,12 +851,12 @@ test("getCategoryInputOrThrow throws error for workflow with multiple calls to a analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: another-category `) as Workflow, diff --git a/start-proxy/action.yml b/start-proxy/action.yml index 14d2cd1f89..17fc3bbe64 100644 --- a/start-proxy/action.yml +++ b/start-proxy/action.yml @@ -16,6 +16,9 @@ inputs: language: description: The programming language to setup the proxy for the correct ecosystem required: false + matrix: + default: ${{ toJson(matrix) }} + required: false outputs: proxy_host: description: The IP address of the proxy